oadmin/xinghuoapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: custom menu pages with iframe embedding and CSP injection

Browse Source 
Add configurable custom menu items that appear in sidebar, each rendering
an iframe-embedded external page. Includes shared URL builder with
src_host/src_url tracking, CSP frame-src multi-origin deduplication,
admin settings UI, and i18n support.

chore: bump version to 0.1.87.19

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
erio
2026-03-02 19:37:40 +08:00
parent 7abec1888f
commit 067810fa98
27 changed files with 1071 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
tmp_api_orders/[id]/cancel/route.ts Normal file
View File

@@ -0,0 +1,37 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { cancelOrder, OrderError } from '@/lib/order/service';
const cancelSchema = z.object({
user_id: z.number().int().positive(),
});
export async function POST(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> },
) {
try {
const { id } = await params;
const body = await request.json();
const parsed = cancelSchema.safeParse(body);
if (!parsed.success) {
return NextResponse.json(
{ error: '参数错误', details: parsed.error.flatten().fieldErrors },
{ status: 400 },
);
}
await cancelOrder(id, parsed.data.user_id);
return NextResponse.json({ success: true });
} catch (error) {
if (error instanceof OrderError) {
return NextResponse.json(
{ error: error.message, code: error.code },
{ status: error.statusCode },
);
}
console.error('Cancel order error:', error);
return NextResponse.json({ error: '取消订单失败' }, { status: 500 });
}
}

50
tmp_api_orders/[id]/route.ts Normal file
View File

@@ -0,0 +1,50 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
export async function GET(
request: NextRequest,
{ params }: { params: Promise<{ id: string }> },
) {
const { id } = await params;
const order = await prisma.order.findUnique({
where: { id },
select: {
id: true,
userId: true,
userName: true,
amount: true,
status: true,
paymentType: true,
payUrl: true,
qrCode: true,
qrCodeImg: true,
expiresAt: true,
paidAt: true,
completedAt: true,
failedReason: true,
createdAt: true,
},
});
if (!order) {
return NextResponse.json({ error: '订单不存在' }, { status: 404 });
}
return NextResponse.json({
order_id: order.id,
user_id: order.userId,
user_name: order.userName,
amount: Number(order.amount),
status: order.status,
payment_type: order.paymentType,
pay_url: order.payUrl,
qr_code: order.qrCode,
qr_code_img: order.qrCodeImg,
expires_at: order.expiresAt,
paid_at: order.paidAt,
completed_at: order.completedAt,
failed_reason: order.failedReason,
created_at: order.createdAt,
});
}

46
tmp_api_orders/my/route.ts Normal file
View File

@@ -0,0 +1,46 @@
import { NextRequest, NextResponse } from 'next/server';
import { prisma } from '@/lib/db';
import { getCurrentUserByToken } from '@/lib/sub2api/client';
export async function GET(request: NextRequest) {
const token = request.nextUrl.searchParams.get('token')?.trim();
if (!token) {
return NextResponse.json({ error: 'token is required' }, { status: 400 });
}
try {
const user = await getCurrentUserByToken(token);
const orders = await prisma.order.findMany({
where: { userId: user.id },
orderBy: { createdAt: 'desc' },
take: 20,
select: {
id: true,
amount: true,
status: true,
paymentType: true,
createdAt: true,
},
});
return NextResponse.json({
user: {
id: user.id,
username: user.username,
email: user.email,
displayName: user.username || user.email || `用户 #${user.id}`,
balance: user.balance,
},
orders: orders.map((item) => ({
id: item.id,
amount: Number(item.amount),
status: item.status,
paymentType: item.paymentType,
createdAt: item.createdAt,
})),
});
} catch (error) {
console.error('Get my orders error:', error);
return NextResponse.json({ error: 'unauthorized' }, { status: 401 });
}
}

68
tmp_api_orders/route.ts Normal file
View File

@@ -0,0 +1,68 @@
import { NextRequest, NextResponse } from 'next/server';
import { z } from 'zod';
import { createOrder, OrderError } from '@/lib/order/service';
import { getEnv } from '@/lib/config';
const createOrderSchema = z.object({
user_id: z.number().int().positive(),
amount: z.number().positive(),
payment_type: z.enum(['alipay', 'wxpay']),
});
export async function POST(request: NextRequest) {
try {
const env = getEnv();
const body = await request.json();
const parsed = createOrderSchema.safeParse(body);
if (!parsed.success) {
return NextResponse.json(
{ error: '参数错误', details: parsed.error.flatten().fieldErrors },
{ status: 400 },
);
}
const { user_id, amount, payment_type } = parsed.data;
// Validate amount range
if (amount < env.MIN_RECHARGE_AMOUNT || amount > env.MAX_RECHARGE_AMOUNT) {
return NextResponse.json(
{ error: `充值金额需在 ${env.MIN_RECHARGE_AMOUNT} - ${env.MAX_RECHARGE_AMOUNT} 之间` },
{ status: 400 },
);
}
// Validate payment type is enabled
if (!env.ENABLED_PAYMENT_TYPES.includes(payment_type)) {
return NextResponse.json(
{ error: `不支持的支付方式: ${payment_type}` },
{ status: 400 },
);
}
const clientIp = request.headers.get('x-forwarded-for')?.split(',')[0]?.trim()
|| request.headers.get('x-real-ip')
|| '127.0.0.1';
const result = await createOrder({
userId: user_id,
amount,
paymentType: payment_type,
clientIp,
});
return NextResponse.json(result);
} catch (error) {
if (error instanceof OrderError) {
return NextResponse.json(
{ error: error.message, code: error.code },
{ status: error.statusCode },
);
}
console.error('Create order error:', error);
return NextResponse.json(
{ error: '创建订单失败,请稍后重试' },
{ status: 500 },
);
}
}